Quote:
Originally Posted by 2HousePlague
Is that possible? How could malicious code survive the flash encryption by Youtube?
2hp |
Well, the problem is not the code
surviving the FLV encryption, the danger is of the malicious code
hijacking the encoding subroutine before it even begins.
Quote:
Quote:
Originally Posted by Tuga
Ok now you got me interested, but I would like you to get into more detail about it. They can put a script on a video and host it on youtube? And what kind of stuff can that script do to a site that is just displaying the youtube player? I really would like to know.
|
Quote:
Originally Posted by stickyfingerz
I dont think youtube allows videos with action script embedded does it? I know Ive tried it with a simliar site of a pornographic nature  and the video was automatically rejected. |
|
The problem is not so much a matter of what exploits are known at this very moment, rather what exploitable weaknesses exist that no one has discovered yet. The transition from all content (swf vids) being stored and accessed through a FMS to this new generation of dynamic-loading external FLVs has come about a much greater rate than was initially anticipated (and the increased demand is pushing up development deadlines and cutting test time prior to release).
Quote:
Originally Posted by Jace
well, isn't IE7 going to be a mandatory download here soon? nothing active or action gets by IE7 for me so far....any time anything tries to run it stops it and prompts me
happened with Zango too, Zango tried to install on my computer and IE7 said NOPE!
|
True, but unfortunately that is only for now. Once the blackhats have time enough to play with IE7 and find it's potential weaknesses, it will be open season on IE again.
Quote:
Originally Posted by KrisKross
If what you're suggesting is possible, then YouTube would have been raped to hell and back a long time ago.
Of course script kiddies have taken notice. Hell, I'm not even a script kiddie and it was one of the first thoughts that crossed my mind when I first came across YouTube.
|
That's just it (it's kind of complicated... or at least, difficult to explain), we do know that it
is possible, we just don't know how. Fortunately neither do they. Basically, it's a race to see who can figure it out first. At the moment (and for the foreseeable future), everything is fine and secure. What the future holds, however, is anybody's guess.